Open Source Code


NIST S 6106.01
Issue Date: 12/06/2018
Effective Date: 12/06/2018

PURPOSE

The purpose of this directive is to define requirements for promoting software code reuse by making custom-developed Federal source code broadly available across the National Institute of Standards and Technology (NIST) in support of NIST programs.

APPLICABILITY

This directive applies to all projects within NIST that commission development of custom software that will be used in a production capacity (i.e., intended to support a collection of users outside the developer’s immediate organization), except for software covered under Section 6 of Office of Management and Budget (OMB) Memorandum M-16-21. The requirements outlined herein do not apply retroactively (i.e., they do not require that existing custom-developed code be retroactively made available for Government-wide reuse or as open source software).

REFERENCES

• National Defense Authorization Act 2015 (FITARA) (Title VIII, Subtitle D, H.R. 3979);
• Clinger Cohen Act 1996 (USC Title 40, Chapter 113, 11301-11303);
• Office of Management and Budget, Memorandum 15-14: Management and Oversight of Federal Information Technology;
• Office of Management and Budget, Memorandum 16-21: Federal Source Code Policy: Achieving Efficiency, Transparency, and Innovation through Reusable and Open Source Software.

This directive is supplemental to a suite of security controls consisting of:

• Department of Commerce, Information Technology Security Program Policy (ITSPP);
• Department of Commerce, Commerce Information Technology Requirements (CITRs);
• Department of Commerce, Source Code Policy;
• NIST, Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, System and Services Acquisition (SA) Family; and
• NIST, Information Security Directives.

NIST Suborder 6106.01 Ver. 1 (Uncontrolled Copy in Print) Page 1

DEFINITIONS

Custom-Developed Code¹ – Custom-developed code is code that is first produced in the performance of a Federal contract or is otherwise fully funded by the Federal Government, including code, or segregable portions of code, for which the Government could obtain unlimited rights under Federal Acquisition Regulations (FAR) Pt. 27 and relevant agency FAR Supplements. Custom-developed code also includes code developed by agency employees as part of their official duties. For the purposes of this policy, custom-developed code may include, but is not limited to, code written for software projects, modules, plugins, scripts, middleware, and APIs; it does not, however, include code that is truly exploratory or disposable in nature, such as that written by a developer experimenting with a new language or library.

Open Source Software (OSS) – Software that can be accessed, used, modified, and shared by anyone. OSS is often distributed under licenses that comply with the definition of "Open Source" provided by the Open Source Initiative and/or that meet the definition of "Free Software" provided by the Free Software Foundation.

Source Code – Computer commands written in a computer programming language that is meant to be read by people. Generally, source code is a higher-level representation of computer commands as they are written by people and, therefore, must be assembled, interpreted, or compiled before a computer can execute the code as a program.

REQUIREMENTS

1. An appropriate alternatives analysis will be conducted, incorporating the Three-Step Software Solutions Analysis in the alternatives analysis process, as defined in section 3 of OMB M-16-21.
2. At least 20 percent of newly commissioned custom-developed code will be released as OSS.
3. Newly commissioned custom-developed code which is OSS must be registered in the Department of Commerce (DOC) Software Code Inventory.
4. Newly commissioned custom-developed code must include documentation that describes the function, input and output of the module, and any other information relevant to its reuse.
5. Sufficient rights to newly commissioned custom-developed code to fulfill both the Government-wide reuse objectives and the open source release objectives will be obtained.
6. OSS will not automatically be treated as noncommercial software.
7. Exceptions to the requirement defined in this directive may be granted if the following exemption criteria are met:
   a. The sharing of the source code is restricted by law or regulation, including but not limited to patent or intellectual property law, the Export Asset Regulations, the International Traffic in Arms Regulation, and the Federal laws and regulations governing classified information; or
   b. The sharing of the source code would create identifiable risk to the detriment of national security, confidentiality of Government information, or individual privacy; or
   c. The sharing of the source code would create an identifiable risk to the stability, security, or integrity of NIST’s systems or personnel; or
   d. The sharing of the source code would create an identifiable risk to NIST’s mission, programs, or operations; or
   e. The NIST Chief Information Officer (CIO) believes it is in the national interest to exempt sharing the source code.
8. Exception requests must explain why compliance is unachievable and must be approved in writing by the NIST CIO.

¹ As defined in Department of Commerce Source Code Policy.

ROLES AND RESPONSIBILITIES

Office of the Director
• Ensure compliance with the directive across the entire organization.

NIST Chief Information Officer
• Collect statistics on compliance with this directive annually.
• Review and approve exemptions from this directive.

Office of Information Systems Management
• Assist in the determination of what code is reusable.
• Ensure all custom OSS is registered in the DOC Software Code Inventory.
• Manage this directive to ensure alignment with Federal and DOC policies.

DIRECTIVE OWNER

18 - Office of Information Systems Management

APPENDICES

A. Revision History

Appendix A
REVISION HISTORY

Revision   Date         Responsible Person        Description of Change
Rev. .01   11/20/2018   Islelly Castillo (OISM)   Initial Version